Topic: False Positive found with Folding@Home

Kougar

  • Guest
False Positive found with Folding@Home
« on: September 24, 2007, 11:23:54 PM »
To whom it may concern, I use Avast Home 4.7 and it returned a false positive with a random Folding@Home protein file, "wudata_08.chk", claiming it to be part of the "Nutcracker family". Avast ignored the Protein p2427_Ribo-Cl-aux data files until step 73 out of 100, upon which it suddenly met the right criteria to trigger Avast, which promptly locked out the file.

A quick search on both here and Stanford's forums shows Avast has a very long past history of false positives with Folding@Home's work/data files spanning the last two years, including this same Nutcracker issue a year ago. However, since other programs such as AVG and McAfee do not share this issue, it is a problem specific to Avast's signature files or detection methods.

I am making this post to see if anything can be done about it and inform anyone that works on compatibility issues with Avast.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False Positive found with Folding@Home
« Reply #1 on: September 24, 2007, 11:29:09 PM »
To know if a file is a false positive, please submit it to JOTTI or VirusTotal and let us know the result. If it is indeed a false positive, send it in a password protected zip to virus@avast.com
Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
VirusTotal and Jotti both have file size limits of 10 and 15MB each.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.
After that, please, periodically check it - scan it into Chest, right clicking the file -  there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected as being infected then you can also remove it from the Exclusion list.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
The best things in life are free.

Kougar

  • Guest
Re: False Positive found with Folding@Home
« Reply #2 on: September 27, 2007, 02:55:55 AM »
Thank you for your reply!  :) I will make note of the workaround for future reference.

Unfortunately at the time I was in a hurry and restarted the program after disabling Avast, so I am unable to send the same data file because the work unit was completed and sent back to the originating server.

I have downloaded another Protein p2427_Ribo-Cl-aux file to work on, and will see if Avast again identifies the work files with a false positive. If it does I will save a copy of the work unit and send it in as instructed. Currently it is at step 30 out of 100.

Thank you for the info and the tutorial links, I will use those.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: False Positive found with Folding@Home
« Reply #3 on: September 27, 2007, 03:06:43 AM »
You should be able to find the path of the detected file in the logs under warning.

Kougar

  • Guest
Re: False Positive found with Folding@Home
« Reply #4 on: September 28, 2007, 02:11:05 AM »
Quote from: oldman
"You should be able to find the path of the detected file in the logs under warning."

Yes, but that was not the problem. As I said above, since I firmly believe it to be a false positive, I told Avast to ignore it, then restarted Folding@Home. The file was a temporary file full of random data computations that is constantly changed by the program as it computes the protein chain. Once it finished, it transmits that file and other data to the home server and removes all leftover files from the home machine. The file doesn't exist anymore, hence why I can't send it in.